Fraudulent Email Purporting to be from the Fed

The Federal Reserve Bank has confirmed that there currently are fraudulent emails circulating claiming to be a public service announcement jointly distributed by the Federal Reserve Banks in collaboration with the Internet Crime Compliant Center (IC3) and the National White Collar Crime Center (NW3C).

The email message encourages financial institutions and their employees to visit a rouge website to download the “announcement.”

These are fraudulent emails! Do not click on any of the links or forward to other recipients.
A sample of the email is below:
************************************************************************************************
From: Federal Reserve Financial Services (fedcommunications numbers @ mail – frbservices dot org)
Subject: ATT : Your Name and Organization

This message is to be delivered to: Your Name at Your Organization

In an effort to notify and update all financial institutions and their employees of the recent fraud scenarios The Federal Reserve Banks in collaboration with IC3 and NW3C issued the following message:

A Public Service Announcement has been issued by the Internet Crime Complaint Center (IC3), which is a joint partnership between the FBI and the National White Collar Crime Center (NW3C). Financial Institutions are encouraged to share this public service announcement with account holders.
Visit (Fraudulent link was inserted here) for exact instructions and details on fraud scenarios.

IC3′s website provides a vehicle for consumer’s to file Internet crime complaints. Complaint information will be combined with other related subject information and referred to federal, state, and local law enforcement for the initiation or enhancement of investigations.
****************************************************************************

For Your Protection

At Central National Bank we’re all about service to our customers. And one of the services we provide is fraud monitoring.

For your protection, we recently placed a block on certain types of Central National Bank debit card transactions.  If you have problems using your debit card to conduct International telephone or Internet transactions, it may be due to our attempt to protect your account from fraud. Transactions affected are those that require you to key in your card number in order to make a payment.

This change will not affect traditional retail transactions (those made in person). So, if you’re traveling feel free to continue use your debit card overseas!

We know that being away from home can be tough sometimes. So make sure to let us know if you have travel plans. We can put extra monitoring in place to lend you “peace of mind” while you’re away from home.

Call your local branch if you have questions regarding this change or specific transactions.

We appreciate your business, as well as your patience and understanding! Thank you!

New Fraudulent E-mails Claiming to Be From Equifax

Equifax Corporate Security has received notice that some customers and consumers have received fraudulent emails and/or letters falsely claiming to be from Equifax.

One email purports to be from Global Customer Support Center. The email advises customers that they need to download a zip file in order to maintain their secure connection to Equifax. The file to download, however, contains a link to a malware site. There are also several links in the email to Equifax and Oracle. Other emails/letters ask customers to provide bank name, account number and other confidential information.

If you are an Equifax customer and have clicked on a link in one of these emails, immediately contact Equifax Security at Security.DataAdministration@equifax.com. If you have supplied any bank account numbers or other confidential information requested in a letter, you should immediately contact your financial institution.

If you are an Equifax customer and you have clicked on this link, contact Equifax Corporate Security immediately at (866) 493-5983 or Security.DataAdministration@equifax.com

New Fraudulent E-mails Claiming to Be From FDIC

We have received reports from customers who have received emails much like the one listed below. These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.
Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

= = = = = Sample Email = = = = = =

Suspicious E-mails Claiming to Be From FDIC

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of fraudulent e-mails that have the appearance of being from the FDIC.

The e-mails appear to be sent from various “@fdic.gov” e-mail addresses, such as “subscriptions@fdic.gov,” “alert@fdic.gov,” or “accounts@fdic.gov.

They have subject lines that read: “FDIC: Your business account” or “FDIC: About Your Business Account.”

The e-mails are addressed to “Business Customer” or “Business Owner” and state “We have important information about your bank” or “…financial institution.” They then ask recipients to “Please click here to find details.”

They conclude with, “This includes information on the acquiring bank (if applicable), how your accounts and loans are affected, and how vendors can file claims against the receivership.”

These e-mails and the link included are fraudulent and were not sent by the FDIC. Recipients should consider the intent of these e-mails as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers. Recipients should NOT access the link provided within the body of the e-mails and should NOT, under any circumstances, provide any personal financial information through this media.

Financial institutions and consumers should be aware that other subject lines and modifications to the e-mails may occur over time. The FDIC does not directly contact consumers in this manner nor does the FDIC request personal financial information from consumers.

Suspicious E-mails Claiming to Be From NACHA

The Electronic Payments Association has received reports that individuals and/or companies continue to receive fraudulent emails that have the appearance of having been sent from NACHA. These emails vary in content and appear to be transmitted from email addresses associated with the NACHA domain (@nacha.org). Some bear the name of fictitious NACHA employees and/or departments.

NACHA itself does not process nor touch the ACH transactions that flow to and from organizations and financial institutions. NACHA does not send communications to persons or organizations about individual ACH transactions that they originate or receive.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

See a sample below.

 

= = = = = Sample Email = = = = = =
From:payments@nacha.org [mailto:payments@nacha.org]
Sent: Tuesday, February 22, 2011 7:32 AM
To: Doe, John
Subject: ACH transaction rejected

The ACH transaction, recently sent from your checking account (by you or any other person), was cancelled by the Electronic Payments Association.

Please click here to view report
——————————————————————

Otto Tobin,
Risk Manager

Posted March 7, 2010

Suspicious E-mails Claiming to Be From the Federal Reserve

There are reports that individuals and/or companies are receiving fraudulent emails that have the appearance of being sent from the Federal Reserve. Specifically, the email claims to be from the Federal Reserve Wire Network and appears to be sent from “fedwire@federalreserve.gov.” See a sample below.

= = = = = Sample Email = = = = = =

From: fedwire@federalreserve.gov[mailto:fedwire@federalreserve.gov]
Sent: Wednesday, March 02, 2011 10:09 AM
To: Doe, John
Subject: Your Wire fund transfer

The Wire transaction , recently sent from your checking account (by you or any other person), was cancelled by the Federal Reserve Wire Network.

Please click here to view details

——————————————————————

Adam Diaz ,
Fraud Department

= = = = = = = = = = = = = = = = = = =

This is a fraudulent email. It was not sent by the Federal Reserve. Do NOT click on any of the links.

Be aware that phishing emails frequently have attachments and/or links to Web pages that host malicious code and software. Do not open attachments or follow Web links in unsolicited emails from unknown parties or from parties with whom you do not normally communicate, or that appear to be known but are suspicious or otherwise unusual.

Suspicious Telephone Calls Claiming to Be From the FDIC

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of suspicious telephone calls where the caller claims to represent the FDIC and is calling regarding the collection of an outstanding debt.

To date, the callers have alleged that the call recipient is delinquent in payment of a loan that was applied for over the Internet or made through a payday lender. The loan may or may not actually exist. The caller attempts to authenticate the claim by providing sensitive personal information, such as name, Social Security number, and date of birth, supposedly taken from the loan application. The recipient is then strongly urged to make a payment over the phone to “avoid a lawsuit and possible arrest.” In some instances, the caller is said to sound aggressive and threatening.

These suspicious telephone calls are fraudulent. Recipients should consider them as an attempt to steal money or collect personal identifying information. The FDIC generally does not initiate unsolicited telephone calls to consumers and is not involved with the collection of debts on behalf of operating lenders and financial institutions.

If a caller demonstrates that he or she has the recipient’s sensitive personal information, such as Social Security number, date of birth, and bank account numbers, the recipient may be the victim of identity theft and should review his or her credit reports for signs of possible fraud. The individual should also consider placing a “fraud alert” on his or her credit reports. This can be done by contacting one of the three consumer reporting companies listed below. Only one of the three companies needs to be contacted. That company is required to contact the other two, which will place an alert on their versions of the report.

  • TransUnion: 1-800-680-7289; www.transunion.com; Fraud Victim Assistance Division, P.O. Box 6790, Fullerton, California 92834-6790
  • Equifax: 1-800-525-6285; www.equifax.com; P.O. Box 740241, Atlanta, Georgia 30374-0241
  • Experian: 1-888-EXPERIAN (397-3742); www.experian.com; P.O. Box 9554, Allen, Texas 75013

Automated Phone Message Attack in Progress

Pre-recorded phone messages are being delivered to random consumers with the warning that their debit cards have been closed. When consumers call the telephone number provided in the recording they hear a request for their 16-digit card number and PIN.

Please do not call – these messages are from fraudsters trying to collect your personal information. Central National Bank will never call you to ask for your account number, card number, or PIN.

Always use extreme caution when you receive an unknown call or text. Please do not give any account or personal information to an unknown caller.

If you have any questions, please call 1-888-262-5456.

False E-mail Claiming to Be From the FDIC

The Federal Deposit Insurance Corporation (FDIC) has received numerous reports of a fraudulent e-mail that has the appearance of being sent from the FDIC. For more information you can visit the FDICs website.

The subject line of the e-mails state, “you need to check your Bank Deposit Insurance Coverage.” The e-mail tells recipients that, “You have received this message because you are a holder of a FDIC-insured bank account. Recently FDIC has officially named the bank you have opened your account with as a failed bank, thus, taking control of its assets.” The e-mail then directs recipients to click on a link stating, “You need to visit the official FDIC website and perform the following steps to check your Deposit Insurance Coverage.”

This e-mail and associated Web site are fraudulent. Recipients should consider the intent of this e-mail as an attempt to collect personal or confidential information, or to load malicious software onto end users’ computers and should not click on the link provided.

The FDIC does not issue unsolicited e-mails to consumers. Financial institutions and consumers should NOT follow the link in the fraudulent e-mail.

Criminals often use names of organizations we all know to lure users into clicking links that may infect their computer. Users should always ask themselves if an email makes sense. If not, never click links or open attachments in the email. If suspicious, contact the agency directly to verify legitimacy.

U.S. Census Bureau 2010 Census Campaign Warning

US-CERT asks users to be vigilant during the U.S. Census Bureau’s 2010 Census campaign and to watch for potential census scams.

According to the U.S. Census 2010 website, they began delivery of the printed census forms to every resident in the United States on March 1, 2010. The only way to complete the census is by filling in the form using pen and ink; in some instances, census takers will be visiting households to complete the form face-to-face. It is important to understand that the U.S. Census Bureau will not, under any circumstances, be providing an online option to complete the 2010 census form.

US-CERT encourages all residents in the United States to take the following measures to protect themselves: